CIS13: Identity Trends and Transients
Eve Maler, Principal Analyst Serving Security and Risk Professionals, Forrester
What are the bona fide trends in the shifting identity and access landscape? Which are mere shiny objects, destined to fade quickly and leave their fans in IT disappointed?

    Presentation Transcript

    • Making Leaders Successful Every Day
    • Trends, Transients, Tropes, and Transparents. Eve Maler, Principal Analyst, Security & Risk. Cloud Identity Summit, July 10, 2013
    • © 2012 Forrester Research, Inc. Reproduction Prohibited. What are the T4 all about? (2x2 chart; horizontal axis: less well noticed to well noticed; vertical axis: closer to truthiness to closer to essential truth; quadrants: Transparents, Transients, Trends, Tropes.) For each: What are they? What is the evidence? What should you do about them?
    • Trend: webdevification of IT. Source: John Musser (formerly) of ProgrammableWeb.com. IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM
    • Confront the changes in your power relationship. (Chart axes: value, friction.) ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION
    • A lot of identities float around an API ecosystem. Source: April 5, 2013 Forrester report “API Management For Security Pros”
    • Open Web APIs are, fortunately, friendly to the Zero Trust security model: initially treat all access requesters as untrusted; require opt-in access; apply identity federation through APIs. Source: November 15, 2012 Forrester report “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security”
    • Trend: IAM x cloud. ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH. Patterns: federate at run time; bind to authn repository; synch accounts; issue an unrelated account
    • Identity plays only an infrastructural role in most cloud platforms. (Chart labels: cloud services; IAM functions; user base and attributes; cloud identity product with an actual SKU.) KEEP AN EYE OUT FOR DISRUPTION COMING FROM THE “CISDH” PLAYERS
    • Transient: XACML. Adoption has government/compliance drivers, few accelerators, and many inhibitors. It’s critical to open up the market for long-tail policy evaluation engines. Webdevified scenarios demand different patterns of outsourced authorization. XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE
    • Authz grain needs to get… finer-grained. (Chart; policy input: roles, groups, attributes, entitlements; resource accessed: domain, URL path, sets of API calls, field; labels: WAM, scope-grained authz, XACML etc.)
    • Plan for a new “Venn” of access control. AN “XACML LITE” WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY
    • Trope: “Passwords are dead”. OH, YEAH? correct horse battery staple
    • We struggle to maximize authentication quality, PARTICULARLY IN CONSUMER-FACING SERVICES. Source: June 12, 2013 Forrester report “Introducing The Customer Authentication Assessment Framework”
    • Authentication schemes have different characteristics. (Comparison table of ✔/✘/? ratings per scheme; the cell layout is not recoverable from the transcript.) Source: June 12, 2013 Forrester report “Introducing The Customer Authentication Assessment Framework”, based on “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes”. * S2 is an affordance of passwords for “consensual impersonation”
    • Think in terms of “responsive design” for authentication. LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM. User identification based on something they… know, have, are, do
    • Transparent: time-to-live strategies. EXPIRATION HAS OUTSIZED VALUE VS. EXPLICIT REVOCATION OF ACCESS IN ZERO-TRUST ENVIRONMENTS
    • Summary of the T4 (same 2x2 chart: less well noticed to well noticed; closer to truthiness to closer to essential truth). Transparent: time-to-live strategies. Transient: XACML. Trends: webdevification of IT; cloud x IAM. Trope: “Passwords are dead”
    • Thank you. Eve Maler, +1 617.613.8820, emaler@forrester.com, @xmlgrrl
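The time-to-live point from the deck, as an added example that is not the presenter's or Forrester's code: a minimal HMAC-signed access token whose expiry is enforced with no shared state, beside a revocation check that only protects a validator whose revocation list is current. The signing key, TTL and claim names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key and TTL (assumptions for this example, not from the deck).
KEY = b"demo-signing-key-not-for-production"
TTL_SECONDS = 300


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, now: int, ttl: int = TTL_SECONDS) -> str:
    """Mint an HMAC-SHA256 signed token that carries its own expiry (exp)."""
    claims = {"sub": subject, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def validate(token: str, now: int, revoked: Optional[set] = None) -> tuple:
    """Return (accepted, reason). The expiry check needs no shared state;
    the revocation check only helps if this validator's list is current."""
    parts = token.split(".")
    if len(parts) != 2:
        return False, "malformed"
    body, sig = parts
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return False, "expired"  # self-limiting: no lookup, no propagation delay
    if revoked is not None and token in revoked:
        return False, "revoked"  # a stale or missing list still accepts the token
    return True, claims["sub"]


def remaining_exposure(token: str, now: int) -> int:
    """Seconds a leaked token stays usable at a validator that never receives
    the revocation: bounded by the TTL rather than by operational response."""
    claims = json.loads(_unb64(token.split(".")[0]))
    return max(0, claims["exp"] - now)
```

A short TTL caps the damage window for every validator at once; revocation caps it only for validators that have already received the revocation.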